Google+ FBI recommends passphrases over password complexity By Catalin Cimpanu for Zero Day ~ High Tech House Calls
Expert Computer Consulting for Homes and Small Businesses

Let there be hope...

Life has changed there is no doubt and we wanted to reach out to see how you are doing.

As we go through this interesting time, we are trying to look at this as an opportunity to focus on our family and on friends like you. Let us use this extra time to catch up and talk more. Let us cook food that is not fast, but interesting and satisfying. Let us learn to enjoy a time to try new things. Let us find ways to enjoy time at home!

Computer Security

If my client base is any experience, anyone can be a victim of a Ransomware, Malware or Virus attack.

What can you do about it?

I conduct audits of your entire computer infrastructure and apply best practice solutions to plug the security holes on your computers, Smartphones and networks.

Now offering consultations to give you the best protection possible:


404.229.0839
carlthorne@hthcatlanta.com

Jack of All Trades, Master of Many

Jack of All Trades, and Master of Many

We provide technical support for:


Homes and small businesses

Windows and the Mac OS platform

iPhones and Android Smartphones

Wireless and wired networks

New device setup

Old device upgrade or repair

One-on-one training

Remote assistance


How To Stop Malware

» » FBI recommends passphrases over password complexity By Catalin Cimpanu for Zero Day

Sunday, February 23, 2020

FBI recommends passphrases over password complexity By Catalin Cimpanu for Zero Day

12:32 PM  High Tech House Calls, Expert Computer Consulting  

For more than a decade now, security experts have had discussions about what's the best way of choosing passwords for online accounts.
There's one camp that argues for password complexity by adding numbers, uppercase letters, and special characters, and then there's the other camp, arguing for password length by making passwords longer.
This week, in its weekly tech advice column known as Tech Tuesday, the FBI Portland office positioned itself on the side of longer passwords.
"Instead of using a short, complex password that is hard to remember, consider using a longer passphrase," the FBI said.
"This involves combining multiple words into a long string of at least 15 characters," it added. "The extra length of a passphrase makes it harder to crack while also making it easier for you to remember."

PASSPHRASES ARE HARDER TO CRACK

ADVERTISING
The idea behind the FBI's advice is that a longer password, even if relying on simpler words and no special characters, will take longer to crack and require more computational resources.
Even if hackers steal your encrypted password from a hacked company, they won't have the computing power and time needed to crack the password.
Academic research published in 2015 supports this argument, explaining that "the effect of increasing the length dwarfs the effect of extending the alphabet [adding complexity]."
The FBI's advice echoes a now-infamous XKCD webcomic that made the concept of passphrases-over-passwords widely known among internet users.
password-strength.png
Image: XKCD.com/936/
Today, there are web services that will help you generate passphrases in the XKCD style.
There are also open-source libraries that developers can use to add an auto-generate passphrase function in their apps.
Furthermore, NIST password recommendations issued in 2017 have also urged websites and web services to accommodate longer password fields of up to 64 characters for this same reason -- to let users choose passphrases instead of short passwords.
The same NIST guideline also recommended using passphrases over passwords when possible, a recommendation also picked up in a DHS security tip issued in November 2019, also urging users to give passphrases a try.
CorrectHorseBatteryStaple!


Posted in: ,
Print Friendly and PDF